Fail2Ban not banning IP addresses

I’ve tried to make a call from my softphone with the incorrect credentials and my IP address isn’t getting banned. If I add the IP address of the softphone I’m using (with fail2ban-client set…) I can still make calls from this softphone.

[[email protected] fail2ban]# fail2ban-client status asterisk-iptables
Status for the jail: asterisk-iptables
|- filter
|  |- File list:        /var/log/asterisk/fail2ban
|  |- Currently failed: 0
|  `- Total failed:     0
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

In the fail2ban logs I can also see several entries like this with the same IP addresses.

[2022-11-03 20:14:14] SECURITY[2246] res_security_log.c: SecurityEvent="FailedACL",EventTV="2022-11-03T20:14:14.685+0000",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="anonymous",SessionID="1182476902",LocalAddress="IPV4/UDP/",RemoteAddress="IPV4/UDP/",ACLName="registrar_attempt_without_configured_aors"

My maxretry is set to 5 but there are more than 5 attempts from several IPs in the logs. Does anyone know what I can be doing wrong?

Unless patched, I don’t believe your fail2ban has any ‘regexes’ that accommodate any chan_pjsip failures.

Not a solution but pertinent :slight_smile: